The Digital Standard for privacy and security

Screenshot of The Digital Standard website

The standard is a community effort to bring together great privacy and security practices for those building digital products and services. Specifically, it aims to help organisations test products - a smart thermostat, for example - and assess how well they respect their owners’ rights.

It’s hard to understand the devices we buy

My own perspective is probably a little unusual. On the one hand, I built myself a “smart” front door - from scratch - using open hardware and my own software. I know exactly how it works, where the data lives, who can see what... everything.

Photograph of the casing of Paul's smart front door system

On the other hand, I also have a proprietary internet-connected thermostat. It was much quicker to install than my door, it’s got a slick app, and it “just works”.

But... I really don’t like that it knows when I’m home or what times I sleep. I don’t like that there’s a database somewhere with the fact that I’m on holiday, strongly linked to my real name and address, which I was required to give.

Every time I see an update to the slick iOS app I wonder who’s funding that development team. I’m not paying them anything - so who is?

The Digital Standard encourages secure and private by default

The Digital Standard encourages manufacturers to answer the sort of questions I’m not able to answer:

Who’s my data shared with?

Will it still work if the company loses interest?

Can I update the software after it’s out of warranty?

Does it give hackers an easy way into my network?

One of my favourite examples from the standard is to do with digital restrictions:

“The company does not use technical, feature-level, or legal means to block a consumer's ability to get a device repaired.”